[CERT-daily] Tageszusammenfassung - Freitag 16-09-2016

Fri Sep 16 18:01:51 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 15-09-2016 18:00 − Freitag 16-09-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** DSA-3668 mailman - security update ***
---------------------------------------------
It was discovered that there was a CSRF vulnerability in mailman, aweb-based mailing list manager, which could allow an attacker to obtaina users password.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3668


*** Yokogawa STARDOM Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass vulnerability in the Yokogawa STARDOM controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-259-01


*** ABB DataManagerPro Credential Management Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a credential management vulnerability in ABB’s DataManagerPro application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02


*** Trane Tracer SC Sensitive Information Exposure Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-259-03


*** Attack Leverages Windows Safe Mode ***
---------------------------------------------
Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network.
---------------------------------------------
http://threatpost.com/attack-leverages-windows-safe-mode/120622/


*** Ransomware Getting More Targeted, Expensive ***
---------------------------------------------
I shared a meal not long ago with a source who works at a financial services company. The subject of ransomware came up and he told me that a server in his ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive/


*** DSA-3670 tomcat8 - security update ***
---------------------------------------------
Dawid Golunski of LegalHackers discovered that the Tomcat init scriptperformed unsafe file handling, which could result in local privilegeescalation.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3670


*** DSA-3669 tomcat7 - security update ***
---------------------------------------------
Dawid Golunski of LegalHackers discovered that the Tomcat init scriptperformed unsafe file handling, which could result in local privilegeescalation.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3669


*** Necurs – the Heavyweight Malware Spammer ***
---------------------------------------------
Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its spamming activities. The botnet has been responsible for a massive ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Necurs-%e2%80%93-the-Heavyweight-Malware-Spammer/


*** Trend Micro Internet Security vulnerability where files may be excluded as scan targets ***
---------------------------------------------
Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets.
---------------------------------------------
http://jvn.jp/en/jp/JVN98126322/


*** Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting ***
---------------------------------------------
Splunk Enterprise and Splunk Lite contain a cross-site scripting vulnerability.Note that this vulnerability is different from JVN#74244518.
---------------------------------------------
http://jvn.jp/en/jp/JVN71462075/


*** Gefährliche Inhalte effektiver erkennen: Google baut Webseiten-Scan aus ***
---------------------------------------------
Webmaster können ihre Seiten nun noch tiefgehender nach unter anderem Malware-Verweisen und gefährlichen Downloads durchsuchen lassen.
---------------------------------------------
http://heise.de/-3325042


*** Erste Sicherheitslücken im Krypto-Messenger Signal entdeckt ***
---------------------------------------------
Ein Programmierfehler in Signal erlaubt die Manipulation von Dateianhängen. Über einen zweiten hätten Angreifer Schadcode aus der Ferne einschleusen können, hätte ein dritter Bug diesen Angriff nicht verhindert.
---------------------------------------------
http://heise.de/-3325242


*** Erpressungstrojaner: Stampado verschlüsselt von Ransomware verschlüsselte Dateien ***
---------------------------------------------
Ein neuer Erpressungstrojaner hat eine besonders gemeine Taktik: Verschlüsselt werden Dateien, die bereits von anderer Ransomware verschlüsselt wurden. Zum Glück gibt es Abhilfe.
---------------------------------------------
http://www.golem.de/news/erpressungstrojaner-stampado-verschluesselt-von-ransomware-verschluesselte-dateien-1609-123296.html